[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faJxpJYgT9o6K5GVf1rYdxAUuteJQNmDbx_ToZApwx7E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":135,"fingerprints":198},"ultimas-noticias","Ultimas Noticias","2.1","BibliaTodo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbibliatodo\u002F","\u003Cp>Muestra en tu sitio web las ultimas noticias en el hambito internacional, todos los dias nuestros editores publican las mejores noticias para mantener tu sitio actualizado..\u003C\u002Fp>\n","Este plugins le muestra las últimas noticias en el hambito internacional,  por Bibliatodo.com",10,3158,100,1,"2021-07-14T20:30:00.000Z","5.7.15","2.7.0","",[20,21,22,23,24],"bibliatodo","news","noticias","noticia","ultimas","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimas-noticias\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimas-noticias.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":20,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},8,150,94,30,90,"2026-04-05T03:40:34.813Z",[40,59,78,96,116],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":13,"num_ratings":14,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"notipress-noticias","NotiPress Noticias","1.4.12","ntpmx","https:\u002F\u002Fprofiles.wordpress.org\u002Fntpmx\u002F","\u003Cp>El complemento NotiPress Noticias es la manera más fácil de tener acceso a contenidos informativos de negocios, tecnología, economía, internacionales y estilo de vida, entre otros contenidos. La agencia de noticias NotiPress con sede en Ciudad de México pone a disposición de los medios de comunicación el plugin para descargar notas, directo a WordPress.\u003C\u002Fp>\n\u003Cp>Para activar el plugin, el medio de comunicación deberá contar con una clave de licencia. Podrá \u003Ca href=\"https:\u002F\u002Fn8.ar\u002Fnotifree\" rel=\"nofollow ugc\">solicitar una licencia de prueba\u003C\u002Fa> para evaluar el servicio NotiPro Connect.\u003C\u002Fp>\n","Plugin para la obtención de contenidos informativos de la agencia de noticias NotiPress.",20,4022,"2025-10-01T06:32:00.000Z","6.8.5","5.0","5.6",[55,56,21,22,23],"argentina","colombia","https:\u002F\u002Fnotipress.mx\u002Fntpmx","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotipress-noticias.1.4.12.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":28,"num_ratings":28,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":76,"download_link":77,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"manchete-atual-newsfeed","Manchete Atual – Newsfeed","1.0.2","Luís Peralta","https:\u002F\u002Fprofiles.wordpress.org\u002Faeiouads\u002F","\u003Cp>Agora pode ter as notícias mais recentes e\u002Fou mais importantes no seu site ou blog. Conteúdos disponibilizados pelo site Manchete Atual.\u003Cbr \u002F>\nO Newsfeed usa design responsivo para se adaptar ao seu site e pode ser personalizado o número de entradas a mostrar, até um máximo de 10 notícias, bem como o tipo de notícias a listar: Mais Recentes ou Destaques Manchete Atual.\u003C\u002Fp>\n\u003Cp>Nota:\u003Cbr \u002F>\nEste plugin faz uso do sistema de cache do WordPress (5 min) para evitar pedidos constantes ao servidor do Manchete Atual.\u003C\u002Fp>\n","Newsfeed, Listagem de notícias, personalizavel, disponibilizado com conteúdos do site Manchete Atual.",1921,"2013-08-26T16:10:00.000Z","3.5.2","2.5",[72,73,74,75,22],"brasil","manchete-atual","manchetes","newsfeed","http:\u002F\u002Fmancheteatual.com.br\u002Fsites\u002Fdefault\u002Ffiles\u002Fnewsfeed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanchete-atual-newsfeed.1.0.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":13,"downloaded":86,"rating":28,"num_ratings":28,"last_updated":87,"tested_up_to":51,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"brasil-61-conteudo-gratuito-para-radios-sites-e-blogs","Brasil 61 – Conteúdo gratuito para rádios, sites e blogs.","1.1.1","brasil61","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrasil61\u002F","\u003Cp>O Brasil 61 fornece diariamente conteúdos radiofônicos e em texto web para comunicadores de rádio e mídias digitais online de todo o Brasil. Todos os conteúdos são gratuitos, livres para veiculação, e tratam de temáticas regionalizadas e informações estratégicas para os municípios, como repasses de recursos federais para as prefeituras de todo o país.\u003C\u002Fp>\n\u003Cp>Agora, você pode manter um site que se atualiza automaticamente, com novos conteúdos diários. A melhor parte? O plugin do Brasil 61 é gratuito e vai te ajudar a impulsionar seu marketing de conteúdo, a melhorar o seu SEO, a aumentar o envolvimento do seu público e trazer mais visualizações. Tudo isso pode trazer um maior ganho financeiro para seu veículo.\u003C\u002Fp>\n\u003Cp>Experimente o plugin do Brasil 61 hoje mesmo!\u003C\u002Fp>\n\u003Ch4>Confira a seguir nossos principais editoriais:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Ftempo\" rel=\"nofollow ugc\">Tempo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Fagronegocios\" rel=\"nofollow ugc\">Agro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Fsaude\" rel=\"nofollow ugc\">Saúde\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Fnoticias\u002Ftag\u002Ffpm\" rel=\"nofollow ugc\">FPM\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Fnoticias\u002Ftag\u002Fcfem\" rel=\"nofollow ugc\">CFEM\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Fpolitica\" rel=\"nofollow ugc\">Política\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Feconomia\" rel=\"nofollow ugc\">Economia\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Fmeio-ambiente\" rel=\"nofollow ugc\">Meio Ambiente\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Feducacao\" rel=\"nofollow ugc\">Educação\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbrasil61.com\u002Fcultura\" rel=\"nofollow ugc\">Cultura\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin para importação automática de notícias do portal Brasil61.",4994,"2025-11-06T18:38:00.000Z","5.2","7.2",[91,82,92,93],"brasil-61","importacao-de-noticias","importar-noticias-brasil61","https:\u002F\u002Fbrasil61.com\u002Fquem-somos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbrasil-61-conteudo-gratuito-para-radios-sites-e-blogs.1.1.1.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":28,"num_ratings":28,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":113,"download_link":114,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":115},"calendario-del-peru","Calendario del Perú","1","deperucom","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeperucom\u002F","\u003Cp>Muestra los eventos del día en el \u003Ca href=\"https:\u002F\u002Fwww.deperu.com\u002Fcalendario\u002F\" rel=\"nofollow ugc\">Calendario peruano\u003C\u002Fa> publicados en DePeru.com\u003C\u002Fp>\n\u003Cp>\u003Cem>El Calendario incluye los días internacionales, celebraciones nacionales, efemérides, etc.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Este plugin mostrará 5 eventos del Calendario, todos los días. Es muy probable que algunos días tengamos registrados más de 5 eventos, pero solo se mostrará esa cantidad. Si observa menos es porque no tenemos registrados más eventos.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Observaciones del Calendario:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Todos los titulares tienen un link hacia el artículo correspondiente.\u003C\u002Fli>\n\u003Cli>Muestra 5 eventos en forma predeterminada, a menos que tengamos menos notas registradas en el sitio.\u003C\u002Fli>\n\u003Cli>Próxima versión mostrará si el día es feriado, permitirá aumentar o disminuir los eventos mostrados, permitirá cambiar el título, etc.\u003C\u002Fli>\n\u003Cli>Funciona con todos los temas, usa los colores y tamaños del tema que se esté usando.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Muchas gracias por usar nuestro calendario, le recomendamos visite nuestra sección de \u003Ca href=\"https:\u002F\u002Fwww.deperu.com\u002Fnoticias\u002F\" rel=\"nofollow ugc\">noticias de actualidad\u003C\u002Fa> en nuestro portal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>CONFIANZA\u003C\u002Fstrong>\u003Cbr \u002F>\nEste plugin \u003Cem>no recoge datos y no muestra publicidad\u003C\u002Fem> dentro del blog instalado. La privacidad de sus visitantes está garantizada.\u003C\u002Fp>\n","Muestra eventos del día del Calendario peruano. Este plugin mostrará 5 titulares del Calendario, todos los días.",2360,"2021-07-14T02:01:00.000Z","5.8.13","4.1",[109,110,22,111,112],"calendario","eventos","peru","peruanos","http:\u002F\u002Fwww.deperu.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendario-del-peru.zip","2026-03-15T14:54:45.397Z",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":28,"num_ratings":28,"last_updated":125,"tested_up_to":51,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":133,"download_link":134,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"dino-divulgador-de-noticias","Dino Divulgador de Notícias","3.4","dinoknewin","https:\u002F\u002Fprofiles.wordpress.org\u002Fdinoknewin\u002F","\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>Este plugin se conecta aos seguintes serviços externos:\u003Cbr \u002F>\n– Gravatar (https:\u002F\u002Fgravatar.com) para exibir avatares.\u003Cbr \u002F>\n– Vimeo API (https:\u002F\u002Fvimeo.com) para carregar vídeos.\u003Cbr \u002F>\nNenhum dado pessoal é enviado sem consentimento. Consulte as políticas:\u003Cbr \u002F>\n– Gravatar: https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F\u003Cbr \u002F>\n– Vimeo: https:\u002F\u002Fvimeo.com\u002Fprivacy\u003C\u002Fp>\n","External services",259,"2025-10-08T19:25:00.000Z","4.6","8.0",[129,130,131,132,22],"conhecimento","corporativo","informacoes","negocios","https:\u002F\u002Fdino.com.br\u002Fplanos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdino-divulgador-de-noticias.3.4.zip",{"attackSurface":136,"codeSignals":152,"taintFlows":183,"riskAssessment":184,"analyzedAt":197},{"hooks":137,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":151,"entryPointCount":14,"unprotectedCount":28},[138],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","widgets_init","anonymous","unb-ultimas-noticias.php",101,[],[],[147],{"tag":148,"callback":149,"file":142,"line":150},"unb_ultimas_noticias","unb_ultimas_funcion_noticias",41,[],{"dangerousFunctions":153,"sqlUsage":156,"outputEscaping":158,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":182},[154],{"fn":155,"file":142,"line":143,"context":18},"create_function",{"prepared":28,"raw":28,"locations":157},[],{"escaped":159,"rawEcho":160,"locations":161},2,12,[162,165,166,167,169,170,172,173,175,176,178,180],{"file":142,"line":163,"context":164},57,"raw output",{"file":142,"line":163,"context":164},{"file":142,"line":163,"context":164},{"file":142,"line":168,"context":164},60,{"file":142,"line":168,"context":164},{"file":142,"line":171,"context":164},67,{"file":142,"line":171,"context":164},{"file":142,"line":174,"context":164},68,{"file":142,"line":37,"context":164},{"file":142,"line":177,"context":164},93,{"file":142,"line":179,"context":164},96,{"file":142,"line":181,"context":164},97,[],[],{"summary":185,"deductions":186},"The 'ultimas-noticias' plugin v2.1 exhibits a mixed security posture. On one hand, it demonstrates good practices by avoiding direct SQL queries, not making external HTTP requests, and having no recorded vulnerabilities or CVEs. The static analysis also indicates a very small attack surface with only one shortcode and no direct AJAX or REST API entry points without checks. However, several significant concerns are present. The use of the deprecated `create_function` is a critical security anti-pattern that can lead to remote code execution if the input it processes is not strictly controlled. Furthermore, the plugin's output escaping is alarmingly low at only 14%, suggesting a high likelihood of cross-site scripting (XSS) vulnerabilities. The absence of any nonce or capability checks on its single entry point (the shortcode) means that any user, regardless of their role or permissions, can trigger its functionality, potentially leading to unauthorized actions or content injection if combined with the output escaping issues.\n\nWhile the lack of known vulnerabilities and a small attack surface are positive indicators, the presence of dangerous code constructs like `create_function` and the severe lack of output escaping represent substantial risks. The vulnerability history shows a clean slate, which is good, but it doesn't negate the inherent risks identified in the current codebase. The plugin needs urgent attention to address the `create_function` usage and significantly improve its output escaping mechanisms. Without these, the plugin remains vulnerable to critical security flaws despite its otherwise low-profile attack surface.",[187,190,192,194],{"reason":188,"points":189},"Use of deprecated and dangerous create_function",15,{"reason":191,"points":160},"Low output escaping percentage (14%)",{"reason":193,"points":33},"Missing nonce checks on entry points",{"reason":195,"points":196},"Missing capability checks on entry points",7,"2026-03-16T23:46:26.798Z",{"wat":199,"direct":205},{"assetPaths":200,"generatorPatterns":201,"scriptPaths":202,"versionParams":204},[],[],[203],"https:\u002F\u002Fwww.bibliatodo.com\u002Fassets\u002Fjs\u002Fwordpress\u002Fes\u002Fwidget-news.js",[],{"cssClasses":206,"htmlComments":208,"htmlAttributes":210,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":214},[207],"vdd_widefat",[209],"\u003C!--\u003Coption value=\"en\" \u003C?php _e($language == 'en' ? 'selected' : ''); ?>>Ingles\u003C\u002Foption>-->",[211],"id=\"unb_ultimas_noticiasWidget\"",[],[],[215,216],"[unb_ultimas_noticias]","\u003Cscript type=\"text\u002Fjavascript\" language=\"javascript\" src=\"https:\u002F\u002Fwww.bibliatodo.com\u002Fassets\u002Fjs\u002Fwordpress\u002Fes\u002Fwidget-news.js\">\u003C\u002Fscript>"]